VIR Vulnerability Intelligence Relay

CVE-2012-0943

low
Published 2014-05-22 ยท Modified 2026-05-06
๐Ÿ’ฌ Discuss on Community โœš Propose mitigation
CVSS v3
โ€”
CVSS v4 NEW
โ€”
not yet in upstream
VIR risk
3.1

Description

debian/guest-account in Light Display Manager (lightdm) 1.0.x before 1.0.6 and 1.1.x before 1.1.7, as used in Ubuntu Linux 11.10, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT per ADT1/ADT2 due to different codebases and affected versions. CVE-2012-6648 has been assigned for the gdm-guest-session issue.

Predictions

Exploit likelihood
20%
Patch ETA
โ€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ€” if you've already worked around this in production โ€” publish your fix to the community-verified tier.

โœš Propose a mitigation on Community โ†’ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-36966 local linux verified
Ryan Lortie ยท 2012-03-13

LightDM 1.0.6 - Arbitrary File Deletion

Source code queued for fetch โ€” refresh in a moment.

OS impact
ubuntu Ubuntu Affected 1 release
VersionStatusFixed in
11.10 Affected โ€”
debian Debian Fixed 5 releases
VersionStatusFixed in
trixie Fixed 0
sid Fixed 0
forky Fixed 0
bullseye Fixed 0
bookworm Fixed 0

Application impact
VendorProductVersionsFixed
robert_ancelllightdm1.0.0
robert_ancelllightdm1.0.1
robert_ancelllightdm1.0.2
robert_ancelllightdm1.0.3
robert_ancelllightdm1.0.4
robert_ancelllightdm1.0.5
robert_ancelllightdm1.1.0
robert_ancelllightdm1.1.1
robert_ancelllightdm1.1.2
robert_ancelllightdm1.1.3
robert_ancelllightdm1.1.4
robert_ancelllightdm1.1.5
robert_ancelllightdm1.1.6

References

CWEs

CWE-264

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.